CodeScan is committed to securing its SaaS offering with state-of-the-art technologies and best practices. The following document describes this approach to security, allowing clients to better understand how their data is protected.
Infrastructure and Data Security
CodeScan hosts its data in a server environment that is completely secure, and uses advanced technology to prevent all unauthorized access.
CodeScan runs on hardened Linux hosts, carefully configured security groups, segmented VPCs, and role-based access controls, combined with other advanced protections built into the cloud infrastructure.
Management APIs are monitored and alarms are raised upon detecting suspicious activity. Administrators with access to CodeScan’s production environment are required to use MFA.
CodeScan Cloud has built-in rate limiting and automated blocking features to mitigate advanced denial of service or authentication attacks. The network infrastructure is protected against volumetric attacks by our cloud providers, in addition to a dedicated DDoS mitigation service.
CodeScan Cloud’s infrastructure is continuously monitored for security events. We collect logs from our internal server infrastructure and the external cloud services that we use. We centralize and analyze this data to detect potential security incidents, and any suspicious activity triggers an alert and is responded to by a security engineer.
CodeScan performs real-time data replication between our geographically diverse, protected facilities, to ensure your data is available and safely stored. This means that should even an unlikely event occur, such as an entire hosting facility failure, we can switch over quickly to a backup site to keep CodeScan and your business running. We transmit data securely, across encrypted links.
Passwords are always salted and hashed using bcrypt. Data is encrypted both at rest and in motion: all network communication uses TLS with at least 128-bit AES encryption.
Connections use TLS v1.2, encrypted and authenticated with AES_128_GCM, with ECDHE_RSA as the key exchange mechanism.
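The following Go program is an added illustration of what the stated TLS policy looks like when it is pinned in configuration and then verified, rather than only asserted; it is not CodeScan's own code. It generates a throwaway RSA certificate for the placeholder host name `codescan.example` (an assumption, not a real endpoint), restricts the server to TLS 1.2 with the ECDHE_RSA / AES_128_GCM suite, runs a full handshake over an in-memory pipe, and returns the negotiated version and cipher suite so a test can confirm the policy actually took effect. The ECDHE part of the suite is what gives each session its own ephemeral key (forward secrecy); the RSA part is only used to sign the key exchange.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"time"
)

// serverName is a constructed placeholder, not CodeScan's real hostname.
const serverName = "codescan.example"

// selfSignedCert builds a throwaway RSA certificate for serverName so the
// handshake can run entirely in-process (no network and no real CA involved).
func selfSignedCert() (tls.Certificate, *x509.CertPool, error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: serverName},
		DNSNames:              []string{serverName},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(time.Hour),
		KeyUsage:              x509.KeyUsageDigitalSignature | x509.KeyUsageKeyEncipherment | x509.KeyUsageCertSign,
		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
		BasicConstraintsValid: true,
		IsCA:                  true,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	leaf, err := x509.ParseCertificate(der)
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	pool := x509.NewCertPool()
	pool.AddCert(leaf)
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key, Leaf: leaf}, pool, nil
}

// ServerConfig pins the server to the policy stated on the page: TLS 1.2 only,
// ECDHE_RSA key exchange with AES_128_GCM. Anything else is refused.
func ServerConfig(cert tls.Certificate) *tls.Config {
	return &tls.Config{
		Certificates: []tls.Certificate{cert},
		MinVersion:   tls.VersionTLS12,
		MaxVersion:   tls.VersionTLS12,
		CipherSuites: []uint16{tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
	}
}

// Handshake runs a client against ServerConfig over an in-memory pipe and
// returns the protocol version and cipher suite that were actually negotiated.
func Handshake() (version uint16, suite uint16, err error) {
	cert, pool, err := selfSignedCert()
	if err != nil {
		return 0, 0, err
	}
	clientSide, serverSide := net.Pipe()
	defer clientSide.Close()
	defer serverSide.Close()

	srvErr := make(chan error, 1)
	go func() {
		srvErr <- tls.Server(serverSide, ServerConfig(cert)).Handshake()
	}()

	cli := tls.Client(clientSide, &tls.Config{
		ServerName: serverName,
		RootCAs:    pool,
		MinVersion: tls.VersionTLS12, // the client refuses anything older, too
	})
	if err := cli.Handshake(); err != nil {
		return 0, 0, err
	}
	if err := <-srvErr; err != nil {
		return 0, 0, err
	}
	st := cli.ConnectionState()
	return st.Version, st.CipherSuite, nil
}

func main() {
	v, s, err := Handshake()
	if err != nil {
		panic(err)
	}
	fmt.Printf("negotiated version=0x%04x suite=%s\n", v, tls.CipherSuiteName(s))
}
```

The same `ConnectionState()` check is what an integration test against a real deployment would assert on: if someone later loosens `MinVersion` or widens `CipherSuites`, the negotiated values change and the test fails.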
Your metadata, such as OAuth credentials, is also encrypted at rest using the Advanced Encryption Standard (AES) when stored on our servers.
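As an added example of encrypting a stored secret such as an OAuth credential with AES (this is illustrative code, not CodeScan's implementation, and the page does not say which AES mode or key size CodeScan uses), the Go program below uses AES-256-GCM: each record gets a fresh random nonce, the ciphertext carries an authentication tag so any modification of the stored value is detected, and the record identifier is bound in as associated data so a ciphertext copied from one row to another fails to decrypt. The key is generated in-process here; in a real system it would come from a key management service.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/base64"
	"errors"
	"fmt"
)

// NewKey returns a random 256-bit AES key. Constructed for the example only;
// a production service would fetch the key from a KMS, not generate it inline.
func NewKey() ([]byte, error) {
	key := make([]byte, 32)
	if _, err := rand.Read(key); err != nil {
		return nil, err
	}
	return key, nil
}

// Seal encrypts plaintext for storage. The stored form is base64(nonce || ciphertext || tag),
// and recordID is authenticated as associated data without being encrypted.
func Seal(key []byte, recordID string, plaintext []byte) (string, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return "", err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return "", err
	}
	// A nonce must never repeat under the same key; a random 96-bit nonce per record
	// is the standard choice for GCM at this volume.
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return "", err
	}
	sealed := gcm.Seal(nonce, nonce, plaintext, []byte(recordID))
	return base64.StdEncoding.EncodeToString(sealed), nil
}

// Open decrypts a value produced by Seal. It fails if the key is wrong, the
// ciphertext or tag was altered, or the value is being read under a different recordID.
func Open(key []byte, recordID string, stored string) ([]byte, error) {
	raw, err := base64.StdEncoding.DecodeString(stored)
	if err != nil {
		return nil, err
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	if len(raw) < gcm.NonceSize() {
		return nil, errors.New("stored value too short")
	}
	nonce, ct := raw[:gcm.NonceSize()], raw[gcm.NonceSize():]
	return gcm.Open(nil, nonce, ct, []byte(recordID))
}

func main() {
	key, err := NewKey()
	if err != nil {
		panic(err)
	}
	// Constructed sample: a fake OAuth refresh token belonging to record "user-42".
	stored, err := Seal(key, "user-42", []byte("rt_constructed_sample_token"))
	if err != nil {
		panic(err)
	}
	fmt.Println("stored:", stored)
	pt, err := Open(key, "user-42", stored)
	fmt.Printf("same record: %q err=%v\n", pt, err)
	_, err = Open(key, "user-43", stored)
	fmt.Println("copied to another record:", err)
}
```

Binding the record identifier as associated data is the detail that turns "encrypted at rest" into something a database administrator cannot quietly undo by swapping ciphertexts between accounts.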